[Mailman-Developers] Auth databases redux [was: GSoC 2015: brainstorming ... beginners?]

[Ian Eiloart]

> On 22 Feb 2015, at 22:10, Andrew Stuart <andrew.stuart at supercoders.com.au> wrote:
> 
> Yes that’s a reasonable line of thought Stephen. You are correct I haven’t made any attempt to integrate with enterprise auth systems. Also, I’ll avoid describing my auth server as ‘the auth server’.
> 
> Is there anything that would define what sort of functionality is required for enterprise integration?

For the University of Sussex, UK, we’d love to have LDAP integration to authenticate users against either an OpenLDAP or an Active Directory server. I don’t think there’s much difference, except in the construction of DNs from usernames. We’d need the ability to (a) find a user with an LDAP search, then (b) perform authentication against the LDAP database.

For bonus points, when registering the user, you could also pick up the user’s email address and name from the LDAP database. 

However, while some lists are exclusively for local users, others might include third parties. For example, a list might support a multi-institution research project. So, we need a protected username name-space, too. And, we can’t assume that local usernames map to email addresses, either. So, the email address foo AT sussex.ac.uk might not belong to username foo. 

Oh, and we probably need to support multiple local domains. Particularly subdomains of sussex.ac.uk.

-- 
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148